<!--#include file="lib/utf-8.asp"-->
<!--#include file="lib/connopen.asp"-->
<!--#include file="lib/asp-common-lib.asp"-->
<!--#include file="lib/asp-json-lib.asp"-->
<!--#include file="lib/md5/md5.asp"-->
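<%
' Login / logout endpoint. Replies with a JSON object: "bStatus", plus "sInfo" and
' "bChangePws" where set below. All inputs are read through saferequest, which is
' defined in an include that is not visible in this file.
Response.ContentType = "application/json"
action=saferequest("action",0)
username=saferequest("username",0)
' The client sends the MD5 of the password; it is upper-cased here and compared
' unchanged with the stored [password] column.
' NOTE(review): the value sent by the client is therefore the credential itself, and
' the stored value appears to be a plain MD5 of the password - confirm, and plan a move
' to a salted, slow password hash computed on the server.
password=Ucase(saferequest("password",0))
checkpws=saferequest("checkpws",0)
md5password=password
' (Commented-out debug output was removed here; one of those lines embedded a literal
' password-like string and should not live in source control.)

dim json,i,iLoginUser,iClientId
dim cmdUser,cmdLogin,sUserParam,sPassParam,iUserLen,iPassLen
iLoginUser="null"
set json=jsObject()
if action="登录" then
  ' Values are bound as parameters rather than concatenated into the SQL text, so the
  ' queries do not depend on what saferequest filters.
  ' NOTE(review): if saferequest already doubles or strips quote characters, a user name
  ' containing a quote will now be compared in its filtered form - confirm against saferequest.
  sUserParam=username&""
  sPassParam=md5password&""
  ' A variable-length text parameter needs a size of at least 1.
  iUserLen=len(sUserParam)
  if iUserLen<1 then iUserLen=1
  iPassLen=len(sPassParam)
  if iPassLen<1 then iPassLen=1

  set rs=server.createobject("adodb.recordset")

  ' Step 1: resolve the account id (also used for the audit record on failure).
  set cmdUser=server.createobject("adodb.command")
  if isobject(conn) then
    set cmdUser.ActiveConnection=conn
  else
    cmdUser.ActiveConnection=conn
  end if
  cmdUser.CommandType=1 ' adCmdText
  cmdUser.CommandText="select id from username where username=?"
  ' 202 = adVarWChar, 1 = adParamInput
  cmdUser.Parameters.Append cmdUser.CreateParameter("username",202,1,iUserLen,sUserParam)
  ' Same cursor/lock options as before (1 = adOpenKeyset, 1 = adLockReadOnly); the
  ' connection comes from the command, so the second argument stays empty.
  rs.open cmdUser,,1,1
  if not rs.eof then
    iLoginUser=rs("id")
  end if
  rs.close
  set cmdUser=nothing

  iClientId=OperateClient(iLoginUser)
  session("iClientId")=iClientId
  if iLoginUser<>"null" then
    ' Step 2: check the password and the active flag, and load the per-post permission rows.
    set cmdLogin=server.createobject("adodb.command")
    if isobject(conn) then
      set cmdLogin.ActiveConnection=conn
    else
      cmdLogin.ActiveConnection=conn
    end if
    cmdLogin.CommandType=1 ' adCmdText
    cmdLogin.CommandText="select * from username left join flag on username.id=flag.username where username.username=? and [password]=? and active=true"
    ' Positional parameters: append in the order the ? markers appear.
    cmdLogin.Parameters.Append cmdLogin.CreateParameter("username",202,1,iUserLen,sUserParam)
    cmdLogin.Parameters.Append cmdLogin.CreateParameter("password",202,1,iPassLen,sPassParam)
    rs.open cmdLogin,,1,1
    if not rs.eof then
      session.TimeOut=60
      json("bStatus")=true
      session("bLogin")=true
      session("iId")=rs("id")
      session("sUserName")=rs("username.username")
      session("sFullName")=rs("fullname")
      session("iWtr")=rs("wtr")
      session("bWan")=rs("wan")
      session("bEmployee")=rs("employee")
      session("bNotFee")=rs("notfee")
      session("aFields")=array("post","flag")

      ' An array held in session cannot be modified element by element; it can only be
      ' changed by assigning a whole ordinary array to the session key. Hence the local
      ' copy: session("aaPostFlag")=rs.getrows(,,session("aFields")) would be wrong.
      dim aaPostFlag
      aaPostFlag=array()
      aaPostFlag=rs.getrows(,,session("aFields"))
      session("aaPostFlag")=aaPostFlag

      ' Load the post ids and their display names into the session.
      set rs_post=server.createobject("adodb.recordset")
      sql_post="select id,post from post order by id"
      rs_post.open sql_post,conn,1,1
      session("aaPostName")=rs_post.getrows()
      rs_post.close
      set rs_post=nothing


      ' A request that did not arrive on the LAN interface address is an external user;
      ' VPN dial-in users also arrive on a LAN address.
      if not CheckLan() then
        ' With the external-access right, every permission is capped at 5 (query, view,
        ' add, edit, delete), which removes administrator rights so the "system
        ' management" part cannot be reached or changed from outside. Accounts for which
        ' CheckPostFlag(...,0,15) is true are left alone (the original comment says
        ' "except admin" - confirm against CheckPostFlag).
        if session("bWan") then
          if not CheckPostFlag(session("aaPostFlag"),0,15) then
            for i=0 to ubound(aaPostFlag,2)
              ' Permissions below 5 are left unchanged.
              if aaPostFlag(1,i)>=5 then aaPostFlag(1,i)=5
            next
            session("aaPostFlag")=aaPostFlag
          end if
        else
          ' NOTE(review): Session.Abandon only takes effect when the page finishes, so
          ' this path still answers bStatus=true and the audit record below still says
          ' "成功" for a login that was in fact refused. Consider reporting failure and
          ' recording the refusal so that external attempts are visible in the log.
          session.abandon
        end if
      end if
      ' Because the client sends an MD5 of the password, the strength check is left to
      ' the client script, which reports its verdict in checkpws.
      ' NOTE(review): checkpws is client-supplied, so the server does not itself verify
      ' password strength here; treat this branch as advisory only.
      if not checkpws then
        session("aaPostFlag")=""
        json("bChangePws")=true
        json("sInfo")="提示:密码过于简单，请立即修改密码"
      end if

      call SimpleRecord("username",iLoginUser,"登录","成功",iLoginUser,session("iClientId"),false)
    else
      json("bStatus")=false
      json("sInfo")="登入错误:密码错或用户帐号未激活"
      call SimpleRecord("username",iLoginUser,"登录",json("sInfo"),iLoginUser,session("iClientId"),false)

    end if
    rs.close
    set cmdLogin=nothing
  else
    ' NOTE(review): this reply tells the caller that the account name does not exist,
    ' while the branch above does not; consider one common message for both cases and
    ' keep the detail in the audit record only.
    json("bStatus")=false
    json("sInfo")="登入错误:用户名 "&username&" 不存在"
    call SimpleRecord("username",iLoginUser,"登录",json("sInfo"),iLoginUser,session("iClientId"),false)
  end if

  set rs=nothing
elseif action="退出" then
  session.abandon
  json("bStatus")=true
end if
json.Flush

%>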
<!--#include file="lib/connclose.asp"-->